Changes

← Older edit

Man/vzctl.8

19,831 bytes added, 18:21, 23 April 2015

Automated import of articles *** existing text overwritten ***

[flags] create

CTID~~ [--ostemplate name][--config name][~~--~~root ~~parameter value</~~b><~~i>~~path]~~[~~--private path][--ipadd addr][--hostname name~~...] </td></tr>

[flags] start CTID [--wait]

[--force] [--skip-fsck][--skip-remount] </td></tr>

[flags] stop CTID[--fast][--~~fast~~skip-umount] </td></tr>

[flags] restart CTID

[--wait] [--force] [--fast][--skip-fsck] [--skip-remount]</td></tr>

[flags] ~~chkpnt~~suspend | ~~restore~~resumeCTID [--dumpfile name] </td></tr>

[flags] ~~set~~snapshot CTID ~~[--save][--setmode restart|ignore][--onboot yes|no]~~[--~~bootorder~~id ~~number][--root ~~uuid</~~b><~~i~~>path][--private path][--userpasswd user:pass][--disabled yes|no</b~~>]

[--name name]

[--description ~~string~~desc][--~~ipadd ~~skip-suspend</b~~>addr</i~~>][--~~ipdel ~~skip-config]<i/p>~~addr~~</itd>|<b/tr>~~all~~</btr valign="top" align="left">][<btd width="11%">~~--hostname ~~</btd><itd width="7%">~~name]~~[<bp>~~--nameserver ~~~~addr~~vzctl</~~i>]~~[~~--searchdomain ~~</~~b><i~~p>~~name~~</itd>][<btd width="2%">~~--netif_add ~~</btd><itd width="80%">~~dev~~ </ip>[,~~params~~flags~~...]~~][snapshot-~~-netif_del ~~switch~~dev~~CTID~~|all]~~[--~~ifname~~skip-resume ~~dev~~[| --~~mac ~~must-resume</b~~>hwaddr</i~~>][--~~host_ifname ~~skip-config</b~~>dev</i~~>][--~~host_mac ~~id~~hwaddr~~uuid][<b/p>~~--bridge ~~</btd><i/tr>~~name~~</itr valign="top" align="left">][<btd width="11%">~~--mac_filter on~~</btd>|<btd width="7%">~~off]]~~[<bp>~~--numproc ~~~~items~~vzctl</~~i>]~~[~~--numtcpsock ~~</bp>~~items~~</itd>][<btd width="2%">~~--numothersock ~~</btd><itd width="80%">~~items~~ </ip>][~~--vmguarpages ~~~~pages~~flags][snapshot-~~-kmemsize ~~delete~~bytes~~CTID][--~~tcpsndbuf ~~id~~bytes~~uuid][<b/p>~~--tcprcvbuf ~~</~~b><i~~td>~~bytes~~</itr>][<btr valign="top" align="left">~~--othersockbuf ~~</btd width="11%">~~bytes~~</itd>][<btd width="7%">~~--dgramrcvbuf bytes]~~[<bp>~~--oomguarpages ~~~~pages~~vzctl</~~i>]~~[~~--lockedpages ~~</~~b><i~~p>~~pages~~</itd>][<btd width="2%">~~--privvmpages ~~</btd><itd width="80%">~~pages~~ </ip>][~~--shmpages ~~~~pages~~flags][snapshot-~~-numfile ~~mount~~items~~CTID][--~~numflock ~~id~~items~~uuid][--~~numpty ~~target~~items~~dir][<b/p>~~--numsiginfo ~~</~~b><i~~td>~~items~~</itr>][<btr valign="top" align="left">~~--dcachesize ~~</btd width="11%">~~bytes~~</itd>][<btd width="7%">~~--numiptent num]~~[<bp>~~--physpages ~~~~pages~~vzctl</~~i>]~~[~~--swappages ~~</bp>~~pages~~</itd>][<btd width="2%">~~--ram ~~</btd><itd width="80%">~~bytes~~ </ip>][~~--swap ~~~~bytes~~flags][snapshot-~~-cpuunits ~~umount~~num~~CTID][--~~cpulimit ~~id~~num~~uuid][<b/p>~~--cpus ~~</btd>~~num~~</itr>][<~~b>--cpumask </b~~tr valign="top" align="left"><itd width="11%">~~cpus~~</itd>|<btd width="7%">~~all~~ </bp>][~~--meminfo none~~vzctl~~|mode~~</~~i>:<i~~p>~~value~~</itd>][<btd width="2%">~~--iptables ~~</btd><itd width="80%">~~name~~ </ip>][~~--netdev_add ~~~~ifname~~flags][snapshot-~~-netdev_del ~~list~~ifname~~CTID][-~~-diskquota yes|no~~H][-~~-diskspace ~~o~~num~~field][~~--diskinodes ~~,~~num~~field...][--~~quotatime ~~id~~seconds~~uuid][<b/p>~~--quotaugidlimit ~~</btd><i/tr>~~num~~</itr valign="top" align="left">][<btd width="11%">~~--noatime yes~~</btd>|<btd width="7%">no </bp>][~~--capability ~~vzctl~~capname~~</~~i>:<b~~p>on</btd>|<btd width="2%">~~off~~</btd>][<btd width="80%">~~--devnodes ~~ </bp>[~~param~~flags][~~--devices ~~set~~param][~~CTID --~~pci_add ~~parameter value</~~b><~~i>~~dev]~~[~~--pci_del dev~~...][--~~features param:on|off~~save][--~~applyconfig ~~force</b~~>name</i~~>][--~~applyconfig_map~~setmode restart~~group]~~[|~~--ioprio ~~ignore</b~~>num</i~~>] </td></tr>

[flags] ~~enter~~console CTID~~[--exec command ~~[~~arg ~~ttynum~~...]~~] </td></tr>

[flags] ~~runscript~~convert CTID ~~script~~[--layout ploop[:{expanded|plain|raw}]]</td></tr>

[flags] ~~--help~~compact | <bi>~~--version~~CTID</bi></td></tr><tr valign="top" align="left"><td width="11%"></~~table~~td><td width="7%">

vzctl</td><td width="2%"></td><td width= ~~DESCRIPTION ==~~"80%">

[flags] exec | exec2 CTIDcommand [arg ...]</td></tr><tr valign="top" align="~~margin-~~left~~:11%; margin-top: 1em~~">~~Utility~~<btd width="11%">~~vzctl~~</btd> ~~runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations withcontainers (CTs).~~</ptd width="7%">

~~Containers canbe referred to by either numeric~~ <ib>vzctl~~CTID~~</itd> ~~or by name (see~~<btd width="2%">~~--name~~</btd> ~~option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes.~~</ptd width="80%">

[flags] enter CTID[--exec command [arg ...]] </td></tr><tr valign="top" align= ~~OPTIONS~~ "left"><td width="11%"></td><td width="7%">

vzctl</td><td width="2%"></td><td width="80%"> [flags] runscript CTID script</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="7%"> vzctl</td><td width="2%"></td><td width="80%"> --help | --version</td></tr></table> == DESCRIPTION == Utilityvzctl runs on the host system (otherwise known asHardware Node, or HN) and performs direct manipulations withcontainers (CTs). Containers canbe referred to by either numeric CTID or by name (see--name option). Note that CT ID <= 100 arereserved for OpenVZ internal purposes. A numeric ID shouldnot be more than 2147483644. == OPTIONS == === Flags ===

These flags come before a

=== Setting container parameters ===

<~~p style~~table width="~~margin-left:11~~100%;"~~>set CTID~~border="0" rules="none" frame="void"~~parameters [--save] [--force]</p~~ cellspacing="0" cellpadding="0"> <~~p style~~tr valign="top" align="~~margin-~~left~~:17%;~~">~~This command sets variouscontainer parameters. If a~~ <btd width="11%">~~--save~~</btd> ~~flag is given,parameters are saved in container configuration file[[Man/ctid.conf.5|~~<~~b>ctid.conf(5)]]. Use --force to save theparameters even if the current kernel doesn’t supportOpenVZ. If the container is currently running, vzctlapplies these parameters to the container.</p~~td width="4%">

~~The followingparameters can be used with~~ set ~~command.~~</td><td width="2%"></td><td width="83%">

~~==== Miscellaneous ====~~ CTID[--onboot  yes |no][--bootorder number][--root path][--private path][--mount_opts options][--userpasswd user:pass][--disabled yes|no][--name name][--description string][--ostemplate </pb>string][--stop-timeout seconds][--ipadd addr][--ipdel addr|all][--hostname name][--nameserver <~~p style="margin~~/b>addr][--~~left:17%~~searchdomain "name~~Sets whether the container will~~]~~be started during system boot~~[--netif_add dev[,params... ~~The container will not be~~]][--netif_del dev|all][--ifname dev[--mac hwaddr]~~auto~~[--~~started unless this parameter is set to~~ host_ifname dev][~~yes~~--host_mac .hwaddr</pi>][--bridge name][<~~p style="margin~~b>--~~left:11%~~mac_filter "on|off]][--~~bootorder~~numproc items][--numtcpsock ~~number~~items][--numothersock </pb>items][--vmguarpages pages][<~~p style="margin~~b>--~~left:17%~~kmemsize "bytes~~Sets the boot order priority~~]~~for this CT. The higher the~~ [--tcpsndbuf ~~number~~bytes ~~is, the earlier in~~]~~the boot process this container starts. By default this~~[--tcprcvbuf bytes]~~parameter is unset, which is considered to be the lowest~~[--othersockbuf bytes]~~priority, so containers with unset~~ [~~bootorder~~--dgramrcvbuf  ~~will~~bytes]~~start last.~~[--oomguarpages pages</pi>][--lockedpages pages][<~~p style="margin~~b>--~~left:11%~~privvmpages "pages][--~~root~~shmpages  ~~path~~pages][--numfile items</pi>][--numflock items][<~~p style="margin~~b>--~~left:17%~~numpty "items~~Sets the path to root directory~~]([~~VE_ROOT~~--numsiginfo ~~) for this container. This is essentially a~~items]~~mount point for container~~[--dcachesize&~~rsquo~~nbsp;~~s root directory. Argument~~bytes]~~can contain literal string~~ [~~$VEID~~--numiptent ~~, which will be~~num]~~substituted with the numeric CT ID.~~[--physpages pages</pi>][--swappages pages][<~~p style="margin~~b>--~~left:11%~~ram "bytes][--~~private~~swap bytes][--vm_overcommit ~~path~~float][--cpuunits num</pi>][--cpulimit num][<~~p style="margin~~b>--~~left:17%~~cpus "num~~Sets the path to private~~]~~directory (~~[~~VE_PRIVATE~~--cpumask cpus|auto|all~~) for this container. This is a~~]~~directory in which~~ [--nodemask nodes|all ~~the container~~][--meminfo&~~rsquo~~nbsp;~~s files are~~none|mode:value]~~stored~~[--iptables name[,... ~~Argument can contain literal string~~ ]][--netfilter disabled|stateless|stateful|full][--netdev_add ifname][--netdev_del ifname][--diskquota yes|~~$VEID~~no,]~~which will be substituted with the numeric CT ID.~~[--diskspace num</pi>][--diskinodes num][<~~p style="margin~~b>--~~left:11%~~quotatime "seconds][--~~userpasswd~~quotaugidlimit num][--capability ~~user~~capname:on|off[,...]][--devnodes param][--devices param~~password~~][--pci_add dev</pi>][--pci_del dev][<~~p style="margin~~b>--~~left~~features name:~~17%~~on|off[,...]][--applyconfig name][--applyconfig_map "group~~Sets password for the given~~]~~user in a container, creating the user if it does not~~[--ioprio num]~~exists. Note that this option is not saved in configuration~~[--iolimit mbps]~~file at all (so~~ [--iopslimit iops] [--save ~~flag is useless), it is~~]~~applied to the container (by modifying its~~ [--force</~~etc~~b>] [--reset_ub</~~passwd and~~b>][--setmode restart</~~etc~~b>|ignore</~~shadow files).~~b>] </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"></td><td width="2%"></td><~~p style~~td width="~~margin-left:17~~83%~~; margin-top: 1em~~">~~In case~~ This command sets various container parameters. If thecontainer ~~root filesystem~~ is ~~not mounted~~currently running, ~~it is~~vzctl applies these~~automatically mounted, then all~~ parameters to the ~~appropriate file changes~~container. The following options can be~~are applied, then it is unmounted~~used with set command.</td></tr></table>

~~Note thatcontainer should be created before using this option.~~=== Flags ====

--~~disabled yes |no~~save

~~Disable~~ If this flag is given,parameters are saved in container ~~start~~configuration file[[Man/ctid.conf. To~~force the start of a disabled container, use~~ 5|~~vzctl start--force~~ctid.conf(5)]].

--~~name~~force</b~~> name</i~~>

~~Add a name for a container. The~~If this flag is given togetherwith <ib>~~name~~--save</ib> ~~can later be used in subsequent calls to~~, parameters are saved even if the currentkernel doesn’t support OpenVZ. Note this flag does notmake sense without ~~vzctl~~--save ~~in place of~~ , so <ib>~~CTID~~--save</ib>isrequired.

--~~description~~reset_ub~~string</i~~>

~~Add a textual description for~~ If this flag is given,vzctl applies all User Beancounter parameters fromthe configuration file to arunning container. This ishelpful in case configuration file is modified manually.Please note this flag is exclusive, i.e. it can not be~~container~~combined with any other options or flags.

--setmoderestart|ignore

~~Whether to restart a~~ A few parameters can only beapplied by restarting the container. By default,~~after applying~~ vzctl prints a warning if such parameters ~~that require the~~ aresupplied and a container is running. Use --setmoderestart together with --save flag to berestart a~~restarted~~ container in ~~order~~ such a case, or --setmode ignore to ~~take effect~~suppress the warning.

==== ~~Networking~~ Miscellaneous ====

--~~ipadd~~onboot yes |<ib>~~addr~~no</ib>

~~Adds an IP address~~ Sets whether the container willbe started during system boot. The container will be startedon boot by <ib>~~addr~~vz</ib>initscript if either this parameter isset to ~~a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g.~~ ~~10.1.2.3/25~~yes)., or the container was running just before~~Note that~~ last reboot, and this ~~option~~ parameter is ~~incremental, so~~ not set to <ib>~~addr~~no</ib> ~~are~~.~~added to already existing ones~~Default value is unset, meaning the container will bestarted if it was running before the last reboot.

--~~ipdel~~bootorder ~~addr~~number</i~~> |all</b~~>

~~Removes IP address~~ Sets the boot order priorityfor this CT. The higher the ~~addr~~numberis, the earlier in~~from a~~ the boot process this containerstarts. ~~If you want~~ By default thisparameter is unset, which is considered to ~~remove all~~ be the ~~addresses~~lowestpriority,~~use~~ so containers with unset ~~--ipdel all~~bootorderwillstart last.

--~~hostname~~root~~name~~path Sets the path to root directory(VE_ROOT) for this container. This is essentially amount point for container’s root directory. Argumentcan contain literal string $VEID, which will besubstituted with the numeric CT ID.

~~Sets container hostname.~~~~vzctl~~--private ~~writes it to the appropriate file inside acontainer (distribution-dependent).~~path

Sets the path to privatedirectory (~~--nameserver~~VE_PRIVATE) for this container. This is adirectory in which all the container’s files arestored. Argument can contain literal string <ib>~~addr~~$VEID</ib>,which will be substituted with the numeric CT ID.

~~Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use~~ --~~nameserver~~mount_opts ~~optionmultiple times in one call to~~ <bi>~~vzctl~~option[, ~~as all the nameserver values set in previous calls to~~ ~~vzctl~~option</bi> ~~areoverwritten~~...]

Sets additional mount optionsfor container file system. Only applicable for ~~--searchdomain~~ploop~~name~~layout, ignored otherwise.

~~Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use~~ --~~searchdomain~~userpasswd ~~optionmultiple times in one call to~~ <bi>~~vzctl~~user</bi>~~, as all thesearch domain values set in previous calls to~~ :<bi>~~vzctl~~password</bi>~~are overwritten.~~

Sets password for the givenuser in a container, creating the user if it does notexists. Note that this option is not saved in configurationfile at all (so --~~netif_add~~saveflag is useless), it is~~ifname[~~applied directly to the container,~~mac,host_ifname,host_mac,bridge]~~by runningdistribution-specific programs inside the container. It isnot recommended to combine this option with any otheroptions.

~~Adds a virtual Ethernet device~~In case~~(veth) to a given~~ container~~. Here ifname is theEthernet device name in the container, mac is its MACaddress~~was not running, ~~host_ifname~~ it is ~~the Ethernet device name on~~automatically started thenall the ~~host~~appropriate changes are applied, ~~and host_mac~~ then it is ~~its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except ifnameare optional and are automatically generated if notspecified~~stopped.

~~--netif_del~~Note that~~dev_name | all~~container should be created before using this option.

~~Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~--disabled yes |~~all~~no.

Disable container start. Toforce the start of a disabled container, use vzctl start--force.

~~The followingoptions can be used to reconfigure the already-createdvirtual Ethernet interface. To select the interface toconfigure, use~~ --~~ifname~~name name~~ option. --mac XX:XX:XX:XX:XX:XX~~

~~MAC address~~ Add a name for a container. Thename can later be used in subsequent calls tovzctl in place of ~~interface inside~~CTID. Note this option can~~a container~~not be used without --save.

--~~host_ifname~~description~~name~~string

~~interface name~~ Add a textual description for ~~virtual~~a~~interface in the host system~~container.

--~~host_mac~~ostemplate~~XX:XX:XX:XX:XX:XX~~string

~~MAC address~~ Sets a new value of ~~interface~~ OSTEMPLATE parameter in container configuration file[[Man/ctid.conf.5|ctid.conf(5)]]. Requires --save flag. Usefulafter a change/upgrade of a distribution running insidecontainer, as vzctl uses thevalue of OSTEMPLATE to run~~host system~~distribution-specific scripts.

--~~bridge~~stop-timeout ~~name~~seconds

~~Bridge name~~Sets a time to wait forcontainer to stop on vzctl stop before forciblykilling it, in seconds. ~~Custom networkstart scripts~~ Note this option can ~~use this value to automatically add the~~not be used~~interface to a bridge~~without --save flag.

~~--mac_filter on |~~Special valueof ~~off~~0means to use compiled-in default.

~~Enables/disables MAC addressfiltering for the Container veth device and the possibilityof configuring the MAC address of this device from insidethe Container. If the filtering is turned on: • the veth device accepts only those packets that havea MAC address in their headers corresponding to that of thisdevice (excluding all broadcast and multicast packets); • it is impossible to modify the veth MAC address frominside the Container.~~=== Networking ====

-~~top: 1em"~~-ipadd addr~~By default,this functionality is enabled for all veth devices existinginside the Container.~~

Adds an IP address addrto a given container. Address can optionally have a netmaskspecified in the CIDR notation (e.g. 10.1.2.3/25).Note that this option is incremental, so addr areadded to already existing ones.

~~The followingoptions sets memory and swap limits for VSwap~~--~~enabled~~ipdel addr |~~kernels (kernel version 042stab042 or greater).~~all

~~Argument is in~~Removes IP address addr~~bytes~~from a container. If you want to remove all the addresses, ~~with an optional suffix~~use --ipdel all. ~~Available suffixes are:~~

<~~table width~~p style="~~100~~margin-left:11%;" ~~border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0"~~><~~tr valign="top" align="left"~~b>--hostname<~~td width="11%"~~i>name</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:17%;">Sets container hostname.~~T, t~~vzctlwrites it to the appropriate file inside acontainer (distribution-dependent).</p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>terabytes;</td><td width~~style="34margin-left:11%;"><~~/td~~b>--nameserver</~~tr><tr valign="top" align="left"~~b><~~td width="11%"~~i>addr</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:17%;">Sets DNS server IP address fora container. If you want to set several nameservers, youshould do it at once, so use G--nameserver, optionmultiple times in one call to gvzctl, as all the nameserver values set in previous calls to </pb>vzctl</tdb>are~~<td width="5%">~~overwritten.</~~td><td width="44%"~~p>

<p~~>gigabytes;</td><td width~~style="34margin-left:17%; margin-top: 1em">A special valueof <~~/td~~b>inherit</trb>can be used to auto-propagate nameserver~~<tr valign="top" align="left">~~value(s) from the host system’s<~~td width="11%"~~b>/etc/resolv.conf</tdb>file.<~~td width="6%"~~/p>

<pstyle="margin-left:11%;">M--searchdomain, <bi>mname</bi></p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>megabytes;</td><td width~~style="34margin-left:17%;">Sets DNS search domains for acontainer. If you want to set several search domains, youshould do it at once, so use <~~/td~~b>--searchdomain</trb>optionmultiple times in one call to vzctl<~~tr valign="top" align="left"~~/b>, as all thesearch domain values set in previous calls to <~~td width="11%"~~b>vzctl</tdb>are overwritten.<~~td width="6%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">A special valueof Kinherit, can be used to auto-propagate searchdomain value(s) from the host system’sk/etc/resolv.conffile.</p~~></td><td width="5%"></td><td width="44%"~~>

<pstyle="margin-left:11%;">~~kilobytes;~~--netif_add</pb>ifname[</tdi>,<~~td width="34%"~~i>mac</tdi>,host_ifname</tri>,host_mac<~~tr valign="top" align="left"~~/i>,<~~td width="11%"~~i>bridge]</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:17%;">Adds a virtual Ethernet device(veth) to a given container. Here ifnameis theEthernet device name in the container, <bi>Pmac</bi>is its MACaddress, <bi>phost_ifname</bi>is the Ethernet device name onthe host, and host_mac</pi> is its MAC address. MACaddresses should be in the format like XX:XX:XX:XX:XX:XX.bridge</tdi>is an optional parameter which can be used incustom network start scripts to automatically add theinterface to a bridge. All parameters except <~~td width="5%"~~i>ifname</tdi>are optional and are automatically generated if notspecified.<~~td width="44%"~~/p>

<pstyle="margin-left:11%;">~~memory pages (arch-specific).~~</pb>--netif_del</tdb><~~td width="34%"~~i>dev_name</tdi>| all</trb></~~table~~p>

Removes virtual Ethernet devicefrom a container. If you want to remove all devices, use~~--ram~~all ~~bytes~~.

==== veth interface configuration ==== ~~Sets physical memory (RAM)~~The following~~available~~ options can be used to ~~a container~~reconfigure the already-createdvirtual Ethernet interface. ~~Actually,~~ To select the ~~option is a shortcut~~interface to~~for setting~~ configure, use --~~physpages~~ifname ~~limit (the barrier is set to~~name option. ~~0).~~--mac XX:XX:XX:XX:XX:XX

~~--swap bytes~~MAC address of interface insidea container.

~~Set swap space available to acontainer. Actually, the option is a shortcut for setting~~--~~swappages~~host_ifname ~~limit (the barrier is set to 0).~~name

~~Here is an~~interface name for virtual~~example of setting container 777 to have 512 megabytes ofRAM and 1 gigabyte of swap:~~interface in the host system.

<~~pre~~ p style="margin-left:11%;"> ~~vzctl set 777~~ --~~ram 512M --swap 1G --save~~host_macXX:XX:XX:XX:XX:XX</~~pre~~p>

MAC address of interface in thehost system.

~~The following~~If you want an~~options sets barrier and limit for various user~~independent communication with the Container through the~~beancounters~~bridge, you should specify a multicast MAC address here(FE:FF:FF:FF:FF:FF).

~~Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set~~ --~~ram~~bridge ~~and--swap (see above). For older kernels, these limits areobligatory.~~name

~~Each optionrequires one or two arguments~~Bridge name. ~~In case of one argument,~~Custom network~~vzctl sets barrier and limit~~ start scripts can use this value to automatically add the ~~same value. Incase of two colon-separated arguments, the first is~~ interface to a~~barrier, and the second is a limit. Each argument is eithera number, a number with a suffix, or a special valueunlimited~~bridge.

~~Arguments arein items, pages or bytes. Note that page size isarchitecture~~--~~specific, it is 4096 bytes~~ mac_filter on ~~x86 and x86_64~~ |~~platforms.~~off

~~You can alsospecify different suffixes for set<~~Enables/~~b> parameters (except~~disables MAC addressfiltering for the ~~parameters which names start with num). For~~Container veth device and the possibility~~example, vzctl set CTID --privvmpages~~of configuring the MAC address of this device from inside5Mthe Container. If the filtering is turned on:6M<~~/b> should set privvmpages</b~~br>&~~rsquo~~bull; ~~barrier~~ the veth device accepts only those packets that havea MAC address in their headers corresponding to 5that of this~~megabytes~~ device (excluding all broadcast and ~~its limit to 6 megabytes.~~multicast packets); </pbr> ~~Available~~it is impossible to modify the veth MAC address from~~suffixes are:~~inside the Container.

<~~table width~~p style="~~100~~margin-left:22%~~" border="0" rules="none" frame="void"~~ ~~cellspacing="0" cellpadding="0~~; margin-top: 1em">By default,~~<tr valign="top" align="left">~~this functionality is enabled for all veth devices existing~~<td width="11%">~~inside the Container.</~~td><td width="6%"~~p>

~~T, t</td><td width~~=~~"5%"></td><td width~~=~~"44%">~~== VSwap limits ====

<p~~>terabytes;</td><td width~~style="34margin-left:11%; margin-top: 1em">The following~~</td></tr>~~options sets memory and swap limits for VSwap-enabled~~<tr valign="top" align="left"><td width="11%">~~kernels (kernel version 042stab042 or greater).</~~td><td width="6%"~~p>

<p~~>G, g</td><td width~~style="5margin-left:11%; margin-top: 1em">Argument is inbytes, unless otherwise specified by an optional suffix.Available suffixes are:</~~td><td width="44%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">•T, t - terabytes; • G, g- gigabytes; • M</pb>, m</tdb> - megabytes; • K, k<~~td width="34%"~~/b> - kilobytes; • P</tdb>, p</trb>- memory pages (arch-specific,usually 4KB); <~~tr valign="top" align="left"~~br>• B, <~~td width="11%"~~b>b</tdb>- bytes (this is the default).<~~td width="6%"~~b> --ram bytes

<pstyle="margin-left:22%;">~~M~~Sets physical memory (RAM)available to a container. Actually, the option is a shortcutfor setting m--physpageslimit (the barrier is set to0).</p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>megabytes;</td><td width~~style="34margin-left:11%;"><~~/td~~b>--swap</~~tr><tr valign="top" align="left"~~b><~~td width="11%"~~i>bytes</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:22%;">~~K~~Set swap space available to acontainer. Actually, the option is a shortcut for settingk--swappageslimit (the barrier is set to 0).</p~~></td><td width="5%"></td><td width="44%"~~>

<p~~>kilobytes;</td><td width~~style="34margin-left:11%;"><~~/td~~b>--vm_overcommit</~~tr><tr valign="top" align="left"~~b><~~td width="11%"~~i>float</tdi><~~td width="6%"~~/p>

<pstyle="margin-left:22%;">Set VM overcommitment value to<bi>Pfloat</bi>. If set, it is used to calculatepprivmmpagesparameter in case it is not setexplicitly (see below). Default value is </pb>0</tdb>, meaning~~<td width="5%">~~unlimited privvmpages.</~~td><td width="44%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">~~memory pages (arch-specific).~~</pb>vzctl</tdb>~~<td width="34%">~~checks if running kernel is VSwap capable, and refuses touse these parameters otherwise. This behavior can beoverriden by using <~~/td~~b>--force</trb>flag beforeparameters.</~~table~~p>

~~You can also~~In VSwap mode,~~specify the literal word unlimited in place of a~~all beancounters other than RAM and swap become optional.~~number. In~~ Note though that ~~case the corresponding value will be~~ if some optional beancounters are not set to,~~LONG_MAX~~they are calculated and set by vzctl implicitly, ~~i. e.~~ using the ~~maximum possible value. --numproc items[~~following formulae:~~items]~~

~~Maximum number of processes and~~•~~kernel-level threads~~lockedpages. ~~Setting the~~ barrier ~~and the limit todifferent values does not make practical sense~~= oomguarpages.barrier = ram

~~--numtcpsock~~•lockedpages.limit = oomguarpages.limit = unlimited~~items[:items]~~

~~Maximum number of TCP sockets.~~•~~This parameter limits the number of TCP connections and,thus, the number of clients the server application canhandle in parallel~~vmguarpages. ~~Setting the~~ barrier ~~and the~~ = vmguarpages.limit to~~different values does not make practical sense.~~= ram + swap

~~--numothersock~~•privvmpages.barrier = privvmpages.limit = (ram + swap) *vm_overcommit~~items[:items]~~

~~Maximum number of non-TCP~~(if~~sockets (local sockets~~vm_overcommit is 0 or not set, ~~UDP and other types of sockets).Setting the barrier and the limit~~ privvmpages is set to ~~different values doesnot make practical sense.~~"unlimited")

~~--vmguarpages~~Here is anexample of setting container 777 to have 512 megabytes of~~pages[~~RAM and 1 gigabyte of swap:~~pages]~~

~~Memory allocation guarantee.This parameter controls how much memory is available to acontainer. The barrier is the amount of memory thatcontainer’s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified;it should be~~ vzctl set ~~to unlimited.~~777 --ram 512M --swap 1G --save</ppre>

~~--kmemsizebytes[:bytes]~~=== User Beancounter limits ====

~~Maximum amount of kernel memoryused. This parameter is related to --numproc. Eachprocess consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter: equal~~The followingoptions sets barrier and limit ~~may lead to the situation where the kernel~~for various user~~will need to kill container’s applications to keep thekmemsize usage under the limit~~beancounters.

Note that forVSwap-enabled kernels (version 042stab042 or greater) theselimits are optional, you must only set --~~tcpsndbuf~~ramand<ib>~~bytes~~--swap</ib>~~[:bytes]~~(see above). For older kernels, these limitsare obligatory.

~~Maximum size~~ Each optionrequires one or two arguments. In case of ~~TCP send~~one argument,~~buffers~~vzctl sets barrier and limit to the same value. ~~Barrier should be not less than 64 KB~~Incase of two colon-separated arguments, ~~and~~the first is a~~difference between~~ barrier , and the second is a limit ~~should be equal to~~ . Each argument is eithera number, a number with a suffix, ora special value~~more than value of~~ ~~numtcpsock~~unlimited ~~multiplied by 2.5~~KB.

~~--tcprcvbuf~~Arguments are~~~~in items, pages or bytes~~[:~~. Note that page size isarchitecture-specific, it is 4096 bytes~~]~~on x86 and x86_64platforms.

~~Maximum size of TCP receive~~You can also~~buffers~~specify different suffixes for User Beancounter parameters(except for those which names start with num). ~~Barrier should be not less than 64 KB~~Forexample, ~~and~~vzctl set CTID --privvmpages~~difference between barrier and limit~~ 5M:6M should ~~be equal to ormore than value of~~ set ~~numtcpsock~~privvmpages ~~multiplied by 2.~~’ barrier to 5KBmegabytes and its limit to 6 megabytes.

~~--othersockbuf~~Available~~bytes[~~suffixes are:~~bytes]~~

~~Maximum size of other (non~~•T, t -~~TCP)~~terabytes; ~~socket send buffers. If container~~&~~rsquo~~bull; G, g - gigabytes;~~s processes needs to~~ ~~send very large datagrams~~• M, ~~the barrier should be set~~m - megabytes; ~~accordingly. Increased limit is necessary for high~~• K, k - kilobytes; ~~performance of communications through local~~ • P, p - memory pages (~~UNIX~~arch-~~domain~~specific,usually 4KB); ~~sockets~~• B, b - bytes.

You can alsospecify the literal word unlimited in place of anumber. In that case the corresponding value will be set toLONG_MAX, i. e. the maximum possible value. --~~dgramrcvbuf~~numproc~~bytes~~items[:~~bytes~~items]

Maximum ~~size~~ number of ~~other (non-TCP)socket receive buffers. If container’s~~ processes ~~needs~~and~~to receive very large datagrams, the barrier should be setaccordingly~~kernel-level threads. ~~The difference between~~ Setting the barrier and thelimit to~~limit is~~ different values does not ~~needed~~make practical sense.

--~~oomguarpages~~numtcpsock~~pages~~items[:~~pages~~items]

~~Guarantees against OOM kill~~Maximum number of TCP sockets.~~Under this beancounter the kernel accounts~~ This parameter limits the ~~total amount~~number of ~~memory~~ TCP connections and ~~swap space used by~~ ,thus, the ~~container’sprocesses. The barrier~~ number of ~~this parameter is~~ clients theserver application can~~out-of-memory guarantee~~handle in parallel. If Setting the ~~oomguarpages usage isbelow~~ barrier and the ~~barrier, processes of this container are~~limit to~~guaranteed~~ different values does not ~~to be killed in out-of-memory situations. Themeaning of limit is currently unspecified; it should be setto unlimited~~make practical sense.

--~~lockedpages~~numothersock~~pages~~items[:~~pages~~items]

Maximum number of ~~pages~~non-TCP~~acquired by mlock~~sockets (2local sockets, UDP and other types of sockets).Setting the barrier and the limit to different values doesnot make practical sense.

--~~privvmpages~~vmguarpages

pages[:pages]

~~Allows controlling the amount~~Memory allocation guarantee.of This parameter controls how much memory ~~allocated by the applications. For shared (mapped~~is available to a~~as MAP_SHARED) pages, each~~ container ~~really using amemory page~~ . The barrier is ~~charged for~~ the ~~fraction~~ amount of ~~the page(depending on the number of others using it). For~~memory thatcontainer&~~quot~~rsquo;~~potentially private&quot~~s applications are guaranteed to be able toallocate. The meaning of the limit is currently unspecified; ~~pages (mapped as~~it should be set to ~~MAP_PRIVATE~~unlimited~~), container is charged either for afraction of the size or for the full size if the allocatedaddress space. In the latter case, the physical pagesassociated with the allocated address space may be inmemory, in swap or not physically allocated yet~~.

~~The barrier andthe limit of this parameter control the upper boundary ofthe total size of allocated memory. Note that this upperboundary does not guarantee that container will be able toallocate that much memory. The primary mechanism to controlmemory allocation is the~~ --~~vmguarpages~~kmemsize ~~guarantee.~~bytes[:bytes]

Maximum amount of kernel memoryused. This parameter is related to --~~shmpages~~numproc. Each~~pages[~~process consumes certain amount of kernel memory - 16 KB atleast, 30-50 KB typically. Very large processes may consumea bit more. It is important to have a certain safety gapbetween the barrier and the limit of this parameter:equalbarrier and limit may lead to the situation where the kernelwill need to kill container’s applications to keep the<ib>~~pages~~kmemsize</ib>]usage under the limit.

~~Maximum IPC SHM segment size.~~--tcpsndbuf~~Setting the barrier and the limit to different values doesnot make practical sense.~~bytes[:bytes]

Maximum size of TCP sendbuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of ~~--numfile~~numtcpsockmultiplied by 2.5~~items[:items]~~KB.

~~Maximum number of open files.In most cases the barrier and the limit should be set to thesame value. Setting the barrier to~~ 0--tcprcvbuf ~~effectivelydisables pre-charging optimization for this beancounter inthe kernel, which leads to the held value being precise butcould slightly degrade file open performance.~~bytes[:bytes]

Maximum size of TCP receivebuffers. Barrier should be not less than 64 KB, anddifference between barrier and limit should be equal to ormore than value of ~~--numflock~~numtcpsockmultiplied by 2.5~~items[:items]~~KB.

~~Maximum number of file locks.~~--othersockbuf~~Safety gap should be between barrier and limit.~~bytes[:bytes]

~~--numptyitems[:items]~~ ~~Number~~ Maximum size of ~~pseudo~~other (non-~~terminals~~TCP)~~(PTY)~~socket send buffers. ~~Note that in OpenVZ each~~ If container ~~can have not more~~’s processes needs to~~than 255 PTYs. Setting~~ send very large datagrams, the barrier ~~and the~~ should be setaccordingly. Increased limit tois necessary for highperformance of communications through local (UNIX-domain)~~different values does not make practical sense~~sockets.

--~~numsiginfo~~dgramrcvbuf~~items~~bytes[:~~items~~bytes]

~~Number~~ Maximum size of ~~siginfo structures~~other (non-TCP)socket receive buffers.If container’s processes needs~~Setting~~ to receive very large datagrams, the barrier should be setaccordingly. The difference between the barrier and the limit ~~to different values does~~is not ~~make practical sense~~needed.

--~~dcachesize~~oomguarpages~~bytes~~pages[:~~bytes~~pages]

~~Maximum size~~ Guarantees against OOM kill.Under this beancounter the kernel accounts the total amountof~~filesystem-related caches, such as directory entry~~ memory and ~~inode~~swap space used by the container’s~~caches~~processes. ~~Exists as a separate~~ The barrier of this parameter ~~to impose a limit~~is the~~causing file operations to sense~~ out-of-memory ~~shortage and return~~guarantee. If the oomguarpages usage is~~an errno to applications~~below the barrier, ~~protecting from memory shortages~~processes of this container are~~during critical operations that should~~ guaranteed not ~~fail~~to be killed in out-of-memory situations. ~~Safety gap~~Themeaning of limit is currently unspecified; it should be ~~between barrier and limit~~setto unlimited.

--~~numiptentnum[:num]~~ ~~Number of iptables (netfilter)entries. Setting the barrier and the limit to differentvalues does not make practical sense.~~ ~~--physpages~~lockedpages

pages[:pages]

~~On VSwap-enabled kernels, thislimits the amount~~ Maximum number of ~~physical memory (RAM) available to a~~pages~~container. The barrier should be set to~~ acquired by 0mlock~~, and thelimit to a total size of RAM that can be used used by acontainer~~(2).

~~For olderkernels, this is an accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to0, and limit should be set to unlimited.~~ --~~swappages~~privvmpages

pages[:pages]

Allows controlling the amountof memory allocated by the applications. For ~~VSwap-enabled kernels~~shared (mapped~~(042stab042 or greater~~as MAP_SHARED)pages, ~~this parameter limits~~ each container really using amemory page is charged for the ~~amount~~ fraction ofthe page~~swap space available to a container~~(depending on the number of others using it). ~~The barrier should be~~For"potentially private" pages (mapped as~~set to~~ 0MAP_PRIVATE), ~~and~~ container is charged either for afraction of the ~~limit to a total~~ size ~~of swap that~~or for the full size if the allocatedaddress space. In the latter case, the physical pages~~can~~ associated with the allocated address space may be ~~used by a container~~inmemory, in swap or not physically allocated yet.

~~For older~~The barrier and~~(pre-VSwap) kernels,~~ the limit ~~is used to show a totalamount~~ of ~~swap space available inside~~ this parameter control the ~~container. The~~upper boundary of~~barrier~~ the total size of allocated memory. Note that this ~~parameter is ignored~~upperboundary does not guarantee that container will be able toallocate that much memory. The ~~default value~~ primary mechanism to controlmemory allocation isthe ~~unlimited~~--vmguarpages~~, meaning total swap will be reported as~~0guarantee.

--shmpagespages[:pages]

~~These~~Maximum IPC SHM segment size.Setting the barrier and the limit to different values does~~parameters control CPU usage by container~~not make practical sense. ~~ --cpuunits num~~

~~CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If~~ ~~cpuunits~~--numfile ~~are not specified,default value of 1000 is used.~~items[:items]

~~You can~~ Maximum number of open files.In most cases the barrier and the limit should be set ~~CPU~~to the~~weight for CT0 (host system itself) as well (use~~ same value. Setting the barrier to ~~vzctlset~~ 0 ~~--cpuunits~~ ~~num). Usually~~effectivelydisables pre-charging optimization for this beancounter inthe kernel, ~~OpenVZ initscript~~which leads to the held value being precise but~~(/etc/init.d/vz) takes care of setting this~~could slightly degrade file open performance.

--~~cpulimit~~numflock~~num~~items[:<bi>%items</bi>]

~~Limit~~ Maximum number of ~~CPU usage for thecontainer, in per cent~~file locks. ~~Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is 0(no CPU~~ Safety gap should be between barrier and limit).

--~~cpus~~numpty ~~num~~items[:items]

~~sets number~~ Number of ~~CPUs available~~pseudo-terminals(PTY). Note that in OpenVZ each container can have not morethan 255 PTYs. Setting the ~~container~~barrier and the limit todifferent values does not make practical sense.

--~~cpumask~~numsiginfo ~~cpus~~items |[:<bi>~~all~~items</bi>]

~~sets list~~ Number of ~~allowed CPUs forthe container~~siginfo structures. ~~Input format is a comma-separated list ofdecimal numbers and ranges. Consecutively set bits are shownas two hyphen-separated decimal numbers,~~ Setting the ~~smallest~~ barrier and~~largest bit numbers set in~~ the ~~range. For example, if youwant the container~~ limit to ~~execute on CPUs 0, 1, 2, 7, you shouldpass 0-2,7. Default value is all (the~~different values does~~container can execute on any CPU)~~not make practical sense.

--dcachesizebytes[:bytes]

~~For~~Maximum size of~~VSwap~~filesystem-~~enabled kernels (042stab042 or greater)~~related caches, ~~this~~such as directory entry and inodecaches. Exists as a separate parameter ~~is ignored. For older kernels~~to impose a limitcausing file operations to sense memory shortage and returnan errno to applications, ~~it controls the~~protecting from memory shortages~~output of /proc/meminfo inside a container~~during critical operations that should not fail. ~~ ~~Safety gap~~--meminfo none~~should be between barrier and limit.

No --numiptent</~~proc~~b>num</~~meminfo virtualization(the same as on host system).~~i>[:num]

~~--meminfo~~Number of iptables (netfilter)entries. Setting the barrier and the limit to different~~mode:value~~values does not make practical sense.

~~Configure total memory outputin a container. Reported free memory is evaluatedaccordingly to the mode being set. Reported swap isevaluated according to the settings of~~ --~~swappages~~physpages~~parameter.~~pages[:pages]

~~You can use~~ On VSwap-enabled kernels, thislimits theamount of physical memory (RAM) available to a~~following modes for mode: •~~ container. The barrier should be set to ~~pages~~0~~:value - sets total memory inpages; ~~, and the~~• privvmpages:value - sets~~ limit to a total ~~memory~~size of RAM that can be used used by a~~as privvmpages * value~~container.

~~Default~~ For olderkernels, this isan accounting-only parameter, showing theusage of RAM by this container. Barrier should be set to~~privvmpages:1~~0, and limit should be set to unlimited.

--swappagespages[:pages]

For VSwap-enabled kernels(042stab042 or greater), this parameter limits the amount ofswap space available to a container. The barrier should beset to ~~--iptables~~0, and the limit to a total size of swap that~~name~~can be used by a container.

~~Allow~~ For older(pre-VSwap) kernels, the limit is used to ~~use the functionality~~show a totalamount of ~~name iptables module~~ swap space available inside the container. ToThebarrier of this parameter is ignored. The default value is~~specify multiple~~ <ib>~~name~~unlimited</ib>s, ~~repeat --iptables for each,or use space-separated list~~ meaning total swap will be reported as ~~an argument (enclosed insingle or double quotes to protect spaces)~~0.

~~The defaultlist of enabled iptables modules is specified by theIPTABLES variable in [[Man/vz.conf.5|vz.conf(5)]].~~=== CPU fair scheduler parameters ====

~~You can use the~~These~~following values for name:~~ parameters control CPU usage by container. ~~iptable_filter~~</bbr>,~~iptable_mangle~~--cpuunits, <bi>~~ipt_limit~~num</~~b>,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG</b~~i>~~, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner.~~

CPU weight for a container.Argument is positive non-zero number, passed to and used inthe kernel fair scheduler. The larger the number is, themore CPU time this container gets. Maximum value is 500000,minimal is 8. Number is relative to weights of all the otherrunning containers. If cpuunits are not specified,default value of 1000 is used.

You can set CPUweight for CT0 (host system itself) as well (use vzctlset 0 --~~netdev_add~~cpuunits~~name~~num). Usually, OpenVZ initscript(/etc/init.d/vz) takes care of setting this.

~~move network device from the~~--cpulimit~~host system to a specified container~~num[%]

Limit of CPU usage for thecontainer, in per cent. Note if the computer has 2 CPUs, ithas total of 200% CPU time. Default CPU limit is ~~--netdev_del~~0~~name~~(no CPU limit).

~~delete network device from aspecified container~~--cpus num

sets number of CPUs availablein the container.

--~~diskquota yes~~cpumask cpus |noauto | all

~~allows to enable~~ Sets list of allowed CPUs forthe container. Input format is a comma-separated list ofdecimal numbers and/or ~~disable~~ranges. Consecutively set bits areshown as two hyphen-separated decimal numbers, the smallestand largest bit numbers set in the range. For example, if~~disk quota for a~~ you want the container~~. By default~~to execute on CPUs 0, 1, 2, 7, ~~a global value~~you(should pass ~~DISK_QUOTA~~0-2,7~~) from [[Man/vz~~.~~conf.5|~~Default value is ~~vz.conf~~all(5thecontainer can execute on any CPU)~~]] is~~ . If usedwith the--nodemask option, value of auto assigns allCPUs from the specified NUMA node to a container.

--~~diskspace~~nodemask~~num~~nodes[:| <ib>~~num~~all</ib>]

~~sets soft and hard disk quota~~Sets list of allowed NUMA nodes~~limits, in blocks~~for the container. ~~First parameter is soft limit, second~~ Input format is~~hard limit. One block is currently equal to 1Kb. Suffixes~~the same as forG--cpumask, . Note that M--nodemask~~, K can also~~ must be ~~specified (see~~usedwith the ~~Resource limits~~--cpumask ~~section for more info onsuffixes)~~option.

~~--diskinodesnum[:num]~~=== Memory output parameters ====

~~sets soft and hard disk quota~~For~~limits~~VSwap-enabled kernels (042stab042 or greater), ~~in i-nodes. First~~ thisparameter is ~~soft limit~~ignored. For older kernels, ~~second is~~it controls the~~hard limit~~output of /proc/meminfo inside a container. --meminfo none

No /proc/meminfo virtualization(the same as on host system). --~~quotatime~~meminfo~~seconds~~mode:value

~~sets quota grace period~~Configure total memory outputin a container.Reported free memory is evaluated~~Container is permitted~~ accordingly to ~~exceed its soft limits for~~ themode being set. Reported swap is~~grace period, but once it has expired,~~ evaluated according to the ~~soft limit is~~settings of --swappages~~enforced as a hard limit~~parameter.

You can use thefollowing modes for mode: • pages:value-sets total memory inpages; • privvmpages:value -~~quotaugidlimit~~sets total memoryas privvmpages* ~~num~~value.

~~sets maximum number ofuser/group IDs in a container for which disk quota insidethe container will be accounted. If this value~~ Default is ~~set to~~0privvmpages:1~~, user and group quotas inside the container willnot be accounted~~.

~~Note that ifyou have previously set value of this parameter to 0,changing it while the container is running will not takeeffect.~~=== Netfilter (iptables) control parameters ====

--netfilter disabled|stateless|stateful|full

Restrict access tonetfilter/iptables modules for a container. This optionreplaces obsoleted --~~noatime yes |no~~iptables.

~~Sets noatime flag (do not~~Note that~~update inode access times) on filesystem~~changing this parameter requires container restart, soconsider using --setmode option.

The followingarguments can be used: • disabled

~~--capabilitycapname:on|off~~no modules are allowed

~~Sets a capability for acontainer. Note that setting capability when the containeris running does not take immediate effect; restart thecontainer in order for the changes to take effect. Note acontainer has default set of capabilities, thus anyoperation on capabilities is "logical and~~&~~quot~~bull; ~~withthe default capability mask.~~stateless

~~You can use the~~all modules except NAT and~~following values for <~~conntracks are allowed (i~~>capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ve_admin~~.e. filter and mangle); this is the~~For detailed description, see capabilities(7).~~default

~~WARNING~~• stateful:~~setting some of those capabilities may have far reachingsecurity implications, so do not do it unless you know whatyou are doing. Also note that setting setpcap:on fora container will most probably lead to inability to startit.~~

all modules except NAT areallowed

<~~p style~~table width="~~margin-left:11~~100%;" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0"><~~b>--devnodes</b~~tr valign="top" align="left"><itd width="22%">~~device~~</itd>:[<~~b>r][w][q]|none</p~~td width="9%">

~~Give the container an access~~(r• full ~~- read, w~~</~~b> - write, <b~~p>q</btd> ~~- disk quotamanagement,~~ <btd width="1%">~~none~~</btd> ~~- no access) to a device designatedby the special file /dev/~~<~~i>device. Device file iscreated in a container by vzctl. Example:</p~~td width="36%">

<~~pre style~~p>all modules are allowed</td><td width="~~margin-left:22~~32%;"> ~~vzctl set 777 --devnodes sdb:rwq~~</td></tr></~~pre~~table>

--~~devices~~biptables~~|c:~~~~major~~name~~:minor|all:~~[r,...]~~[w][q]|none~~

~~Give the container an access to~~a bNote~~lock or~~ this option isobsoleted, c--netfilter~~haracter device designated by itsmajor and minor numbers. Device file have to~~should be ~~created manually~~used instead.

Allow to usethe functionality of name iptables module inside thecontainer. Multiple comma-separated names can bespecified.

The defaultlist of enabled iptables modules is defined by the~~--pci_add~~IPTABLESvariable in [[Man/vz.conf.5|<ib>~~domain~~vz.conf</ib>:(5)]]~~bus:slot~~.~~func~~

~~Give~~ You can use the ~~container an access toa specified PCI device. All numbers are hexadecimal (as~~following values for name: iptable_filter,iptable_mangle, ipt_limit,ipt_multiport, ipt_tos, ipt_TOS,ipt_REJECT, ipt_TCPMSS, ipt_tcpmss,ipt_ttl, ipt_LOG, ipt_length,ip_conntrack, ip_conntrack_ftp,ip_conntrack_irc, ipt_conntrack,~~printed by~~ ~~lspci~~ipt_state, ipt_helper, iptable_nat,ip_nat_ftp, ip_nat_irc, ipt_REDIRECT,xt_mac, ipt_recent, ipt_owner~~(8) in the first column)~~.

==== Network devices control parameters ==== --~~pci_del~~netdev_add~~[domain:]bus:slot.~~~~func~~name

~~Delete a PCI~~ move network device from thehost system to a specified container.

~~Note that~~~~vps~~-~~pci configuration script is executed byvzctl~~-netdev_del ~~then configuring PCI devices. The script isusually located at~~ <bi>~~/usr/lib[64]/vzctl/scripts/~~name</bi>.

delete network device from aspecified container

~~--featuresname:on|off~~=== Disk quota parameters ====

~~Enable or disable a specificcontainer feature. Known features are: sysfs,nfs, sit,~~ ~~ipip~~--diskquota yes~~, ppp,~~|~~ipgre, bridge, nfsd~~no.

allows to enable or disabledisk quota for a container. By default, a global value(DISK_QUOTA) from [[Man/vz.conf.5|vz.conf(5)]] is used.

Note that thisparameter is ignored for ~~--applyconfig~~ploop~~name~~layout.

~~Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-sample</tt>,and apply them, if~~ --~~save~~diskspace ~~option specified save tothe container config file. The following parameters are notchanged:~~ <bi>~~HOSTNAME~~num</bi>, [:<bi>~~IP_ADDRESS~~num</~~b>,OSTEMPLATE, VE_ROOT, andVE_PRIVATE</b~~i>.]

For ~~--applyconfig_map~~simfslayout, sets~~group~~soft and hard disk quota limits. First parameter is softlimit, second is hard limit.

~~Apply container config~~For~~parameters selected by~~ <ib>~~group~~ploop</ib>layout, initiates the procedure of resizing theploop image file to the new size. ~~Now the only possible~~Since there is no~~value for~~ soft/hard limit concept in ploop, second ~~group~~num , ifspecified, is ~~name: to restore containername based on NAME variable in containerconfiguration file~~ignored.

By default,ploop resize is done online, i.e. on a mounted ploop. Thisis a preferred way of doing resize. Although, in a rare casea container was using lots of disk space and should now beresized to a much smaller size, an offline resize might bemore appropriate. In this case, make sure the container isstopped and unmounted and use additional--offline-resize option</~~O priority management ====~~p>

Note that ploopresize is NOT performed on container start, so forconsistency --~~ioprio~~diskspacemust be used together with<ib>~~priority~~--save</ib>flag.

~~Assigns I/O priority to~~Suffixes~~container.~~ <ib>~~Priority~~G</ib> ~~range is~~ , ~~0-7~~M~~. The greaterpriority is~~, ~~the more time for I/O activity containerhas. By default each container has~~ <ib>~~priority~~K</ib> ofcan also be specified (see4Resource limitssection for more info on suffixes).If suffix is not specified, value is in kilobytes.

--diskinodesnum[:num]

~~Checkpointing~~ sets soft and hard disk quotalimits, in i-nodes. First parameter is soft limit, second is ~~a feature ofOpenVZ kernel which allows to save a complete state of arunning container, and to restore it later~~hard limit.

~~chkpnt CTID~~Note that this[parameter is ignored for ~~--dumpfile~~ploop ~~name]~~layout.

~~This command saves a completestate of a running container to a dump file, and stops thecontainer. If an option~~ --~~dumpfile~~quotatime ~~is not set,default dump file name /vz/dump/Dump.~~~~CTID~~seconds is~~used.~~

~~restore CTID~~sets quota grace period.Container is permitted to exceed its soft limits for thegrace period, but once it has expired, the soft limit is~~[--dumpfile name]~~enforced as a hard limit.

~~This command restores a~~Note that this~~container from the dump file created by the~~ parameter is ignored for ~~chkpnt~~ploop~~command~~layout.

--quotaugidlimitnum

~~create CTID~~Enables or disables~~[~~in-container per-~~ostemplate name] [~~user and per-~~-config~~group disk quotas. If the~~name] [~~value is set to ~~--private~~0 ~~path] [--root path] [--ipadd addr]~~or not set, disk quotas inside the~~[--hostname name]~~container is disabled and not accounted.

~~Creates a new container area.~~For~~This operation should be done once~~simfs layout containers, ~~before the first start~~non-zero value sets maximumnumber of ~~the container~~user/group IDs for which disk quota isaccounted.

~~By default, an~~For~~OS template denoted by~~ ~~DEF_OSTEMPLATE~~ploop ~~parameter~~ layout containers, any non-zero value enablesdisk quota inside the container; the number ofuser/group~~[[Man/vz.conf.5|vz.conf(5)]]~~ IDs used by disk quota is ~~used to create a container. This can beoverwritten~~ not limited by ~~--ostemplate option~~OpenVZ.

~~By default, a~~Note that~~new~~ enabling or disabling in-container ~~configuration file is created from a sample~~disk quotas requires~~configuration denoted by value of~~ container restart, so consider using ~~CONFIGFILEparameter of [[Man/vz.conf.5|vz.conf~~--setmode~~(5)]]. If the containerconfiguration file already exists, it will not bemodified~~option.

~~The value ofCONFIGFILE can be overwritten by using the--configname~~ === Capability option~~. This option can not beused if the container configuration file already exists.~~====

~~You can use~~--~~root~~capability ~~path~~capname ~~option to sets the path to themount point for the container root directory (default is~~:~~VE_ROOT~~on ~~specified in [[Man/vz.conf.5~~|~~vz.conf~~off~~(5)]] file).Argument can contain literal string~~ [~~$VEID~~,~~, which willbe substituted with the numeric CT ID~~...]

~~You can use--private path option to set the path todirectory in which all the files and directories specific to~~Sets a capability for a~~this very~~ container ~~are stored (default is VE_PRIVATEspecified in [[Man/vz~~.~~conf.5|vz.conf(5)]] file). Argument~~ Multiple comma-separated capabilities can ~~containliteral string $VEID, which will~~ be ~~substituted withthe numeric CT ID~~specified.

~~You can use~~Note thatsetting a capability when the container is running does nottake immediate effect; restart the container in order forthe changes to take effect (consider using --~~ipadd~~setmode ~~addr option to assign an IP address toa container. Note that this~~ option ~~can be used multipletimes~~).

~~You can use~~A container has~~--hostname name option to~~ the default set ~~a host name for~~of capabilities, thus any operation on~~a container~~capabilities is "logical AND" with the defaultcapability mask.

You can use thefollowing values for capname: chown,dac_override, dac_read_search, fowner,fsetid, kill, setgid, setuid,setpcap, linux_immutable,net_bind_service, net_broadcast,net_admin, net_raw, ipc_lock,ipc_owner, sys_module, sys_rawio,sys_chroot, sys_ptrace, sys_pacct,sys_admin, sys_boot, sys_nice,sys_resource, sys_time, sys_tty_config,mknod, lease, setveid, ~~destroy~~ve_admin |.For detailed description, see ~~delete~~capabilities(7).

~~Removes a container private~~WARNING:setting some of those capabilities may have far reaching~~area by deleting all files~~security implications, ~~directories and the~~so do not do it unless you know whatyou are doing. Also note that setting setpcap:on for~~configuration file of this~~ a containerwill most probably lead to inability to startit.

~~start [--wait][--force]~~=== Device access management ====

~~Mounts (if necessary) andstarts a container. Unless~~ --~~wait~~devnodes ~~option isspecified,~~ device:[~~vzctl~~r ~~will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by~~ ][w][q]|~~vzctl~~none.

~~Specify~~Give the container an access(r-read, w - write, q -~~force~~disk quotamanagement, none ~~if you want~~ - no access) to ~~start~~ a ~~container which~~ device designatedby the special file /dev/device. Device file is~~disabled (see~~ created in a container by ~~--disabled~~vzctl).Example:

vzctl set 777 --~~top~~devnodes sdb: ~~1em">Note that thiscommand can lead to execution of premount,mount and start action scripts (see ACTIONSCRIPTS below).~~rwq</ppre>

~~stop~~--devicesb|c:major:minor|all:[r ][~~--fast~~w][q]|none

~~Stops and unmounts a~~ Give the container.an access to~~Normally,~~ a ~~halt~~b~~(8) is executed inside a container;option~~ lock or ~~--fast~~c ~~makes~~ haracter device designated by its<bi>~~vzctl~~major</bi> ~~use~~ and <bi>~~reboot~~minor</bi>~~(2)syscall instead which is faster but can lead~~ numbers. Device file have to ~~uncleancontainer shutdown~~be created manually.

~~Note that thiscommand can lead to execution of stop, umountand postumount action scripts (see ACTIONSCRIPTS below).~~=== PCI device management ====

~~restart~~--pci_add [<bi>~~--wait~~domain</bi>:][<bi>bus:~~--force~~slot</bi>~~] [~~.<bi>~~--fast~~func</bi>]

~~Restarts a~~ Give the container~~, i.e.~~an access to~~stops it if it is running, and starts again~~a specified PCI device. ~~Accepts all the~~All numbers are hexadecimal (asprinted by ~~start~~lspci ~~and stop options~~(8) in the first column).

~~Note that thiscommand can lead to execution of some action scripts (see~~~~ACTION SCRIPTS~~--pci_del ~~below)~~[domain:]bus:slot.func

~~status~~Delete a PCI device from thecontainer.

~~Shows a container status. This~~Note thatvps-pci configuration script is ~~a line with five or six words, separated~~ executed by ~~spaces~~vzctl then configuring PCI devices. The script isusually located at /usr/libexec/vzctl/scripts/.

~~First word isliterally CTID.~~=== Features management ====

-~~top: 1em"~~-features~~Second word isthe numeric~~ ~~CT ID~~name:on|off[,...]

~~Third word is~~Enable or disable a specific~~showing whether this~~ container ~~exists or not~~feature. Known features are: sysfs,nfs, sit, ipip, ppp, ~~it can beeither~~ ~~exist~~ipgre or , bridge, ~~deleted~~nfsd. A few features canbe specified at once, comma-separated.

~~Fourth word isshowing the status of the container filesystem, it can beeither mounted or unmounted.~~=== Apply config ====

~~Fifth wordshows if the container is running, it can be either~~~~running~~--applyconfig or <bi>~~down~~name</bi>.

Read container parameters fromthe container sample configuration file<tt>/etc/vz/conf/ve-</tt>name<tt>.conf-~~top: 1em"~~sample</tt>~~Sixth word~~,and apply them, if--save option specified save tothe container config file. The following parameters are not~~exists~~changed: HOSTNAME, is ~~suspended~~IP_ADDRESS~~. It appears if both a container~~,OSTEMPLATE, VE_ROOT, and ~~its dump file exist (see~~ ~~chkpnt~~VE_PRIVATE).

-~~top: 1em"~~-applyconfig_map~~This commandcan also be usable from scripts.~~group

Apply container configparameters selected by group. Now the only possiblevalue for group is name: to restore containername based on ~~mount~~NAMEvariable in containerconfiguration file.

~~Mounts container private area.Note that this command can lead to execution ofpremount<~~=== I/~~b> and mount action scripts (seeACTION SCRIPTS below).~~O scheduling ====

~~umount~~--iopriopriority

~~Unmounts~~ Assigns disk I/O priority tocontainer ~~privatearea~~. ~~Note that this command can lead to execution of~~Priority range is ~~umount~~0-7 ~~and~~ . The greater<bi>priority is, the more time for I/O activity containerhas. By default each container has ~~postumount~~priority</bi> ~~action scripts (see~~of~~ACTION SCRIPTS~~4 ~~below)~~.

--~~top: 1em"~~iolimit~~Note that~~limit[B|K|~~stop~~M ~~does~~ |~~umount~~G ~~automatically.~~]

Assigns disk I/O bandwidthlimit for a container. Value is either a number with anoptional suffix, or a literal string ~~convert~~unlimited . Valueof <ib>~~CTID~~0</ib>means "unlimited". By default acontainer has no I/O limit. Maximum allowed limit is 2gigabytes per second; values exceeding the limit aretruncated.

~~Convert CT private area~~ If no suffix isprovided, the limit is assumed tobe in megabytes per~~reside on a ploop device (available since 042stab052~~second.6Available suffixes are: • b, B -- bytes per second; • k, K -- kilobytes per second; ~~kernel~~• m, M -- megabytes per second (default)~~. Conversion should be performed when a container is~~; ~~stopped~~• g, ~~plus disk space quota should be set.~~G -- gigabytes per second;

~~quotaon~~--iopslimit ~~ctid~~iops

~~Turn disk quota on~~Assigns IOPS limit for acontainer, in number of input/output operations per second. ~~Not that~~Value is a number or a literal string ~~mount~~unlimited ~~and~~ .Value of ~~start~~0 ~~does that automatically~~means "unlimited". By default acontainer has no IOPS limit.

~~quotaoff ctid~~== Suspending and resuming ===

~~Turn disk quota off. Not that~~Checkpointing is a feature of~~umount~~ OpenVZ kernel which allows to save a complete in-kernelstate of a running container, and ~~stop does that automatically~~to restore it later.

~~quotainit~~suspend|chkpnt~~ctid~~CTID [--dumpfile name]

~~Initialize disk quota (i.e. run~~This command suspends acontainer to a dump file If an option ~~vzquota init~~--dumpfile~~) with the parameters taken from the CT~~is~~configuration~~ not set, default dump file ~~[[Man~~name/vz/dump/~~ctid~~Dump.~~conf.5|~~~~ctid.conf~~CTID</bi>~~(5)]]~~is used.

~~exec~~resume |restoreCTID~~command~~[--dumpfile name]

~~Executes ~~This command~~ in~~ restores acontainer~~. Environment variables are not set inside~~ from the dump file created by the~~container. Signal handlers may differ from default settings.If command is~~ -suspend~~, commands are read fromstdin~~command.

~~exec2 CTIDcommand~~== Snapshotting ===

~~The same as exec~~Snapshotting is a feature basedon checkpointing and ploop shapshots. It allows to save acomplete state of container file system. Plus, ~~but~~if the~~return code~~ container is running, it’s in-memory state (as incheckpointing). Note that ~~of command~~snapshot functionality is onlyworking for containers on ploop device.

~~runscript~~snapshot CTID[--id uuid] [--name name]~~script~~[--description desc] [--skip-suspend] [--skip-config]

~~Run specified shell script inthe container. Argument script is~~ Creates a ~~file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running~~ containersnapshot, ~~thecommand jumps into the container and executes the script~~i.~~For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root~~e. ~~In the latter case,~~ saves the current container ~~is notreally started~~state, no including its file ~~systems other than root (such as/proc) are mounted~~system state, ~~no startup scripts are executedetc. Thus the environment in which the script is~~ running is~~far from normal~~ processes state, and ~~is only usable for very basic~~configuration~~operations~~file.

If a containeris running, and ~~enter [~~--~~exec~~skip-suspendoption is not~~command [arg ..~~specified, a container is checkpointed and then restored,and CT memory dump becomes the part of snapshot.]]

~~Enters into a~~ Unless--skip-config option is given, container ~~(givinga container&rsquo~~configuration file is saved to the snapshot. If uuidis not specified, it is auto-generated. ~~This option is a back~~Options--name and --~~door~~description can be used to~~for host root only~~specify the snapshot name and description, respectively. ~~The proper way to have CT root shell~~ Name isdisplayed by snapshot-list. snapshot-switch~~to use~~ CTID [--skip-resume | --must-resume][--skip-config] ~~ssh~~ --iduuid Switches the container to asnapshot identified by uuid, restoring its filesystem state, configuration (if available) and its runningstate (1if available). Note thatthe current state of a container (including its file systemstate and its configuration file) is lost!

Option

--~~exec~~skip-resume is used to ~~run command with arguments~~ignore a CT memory dump file~~after entering into~~ in a snapshot, as a result the container~~. This is useful if command to~~will end up being~~be run requires~~ in a ~~terminal~~ stopped state (so same as if a snapshot has been takenwith ~~vzctl exec~~--skip-suspend ~~can not be~~). If option~~used) and for some reason you can not use~~ ~~ssh~~--must-resume~~(1)~~is set, absense of a memory dump istreated as an error, and the inability to restore from thememory dump is treated as an error rather than warning.

~~You need to log~~Option option~~out manually from the shell to finish session (even if youspecified~~ --~~exec~~skip-config)is used to ignore the CT configurationfile in a snapshot, i.e. the current configuration file willbe left as is.

~~console~~snapshot-deleteCTID --id uuid

~~Attach to the container’s~~Removes a specified~~console. Note that the console is persistent, meaning it canbe attached to even if the container is not running, andthere is no automatic detachment when the container isstopped~~snapshot.

~~Type~~ ~~Esc~~snapshot-mount~~then~~ CTID .--id ~~to detach from the console. Note that thissequence is only recognized after~~ uuid ~~Enter~~--target.directory

Mounts a snapshot specified byuuid to a directory. Note this mount isread-only.

snapshot-umountCTID--~~help~~id uuid

~~Prints help message with~~ Unmounts aspecified~~brief list of possible options~~snapshot.

snapshot-listCTID [-H] [-ofield[,field...] [-~~version~~-iduuid]

~~Prints vzctl~~List container’s~~version~~snapshots.

You cansuppress displaying header using -H option.

You can use the~~vzctl~~-o~~has an ability~~ option to ~~execute user-defined scripts when a~~display only the specified~~specific~~ <bi>~~vzctl~~field</bi> ~~command is run for a container~~(s). ~~Thefollowing vzctl commands~~ List of available fields can ~~trigger execution of~~be obtained~~action scripts:~~ using ~~start, stop, restart,mount and umount~~-Loption.

~~Action scriptsare located in the /etc/vz/conf/ directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps. and are executed for all containers.Per-CT scripts have a CTID numeric prefix and areexecuted for the given~~ == Performing container ~~only.~~actions ===

<~~p style~~table width="~~margin-left:11~~100%~~; margin-top: 1em~~" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">~~Please notescripts are executed in a host system (CT0) context, withthe exception of~~ <btr valign="top" align="left">~~.start~~<~~/b> and <b~~td width="11%">~~.stop~~</btd> ~~scripts,which are executed in a container context.~~</ptd width="9%">

~~The followingaction scripts are currently defined:~~ ~~ vps.premount~~create, <i/p>~~CTID~~</itd><btd width="2%">~~.premount~~</btd></ptd width="78%">

CTID[--ostemplate name][--config name][--layout simfs|ploop[:{expanded|plain|raw}]][--diskspace kbytes][--diskinodes num][--private "path][--root path][~~Global and per~~-~~CT mount scripts~~-ipadd addr]~~which are executed for a container before it is mounted.~~[--hostname name]~~Scripts are executed in the host system context, while a CT~~[--name name]~~is not yet mounted or running. Global script, if exists, is~~[--local_uid uid]~~executed first.~~[--local_gid gid] </td></tr></table>

~~vps~~Creates a newcontainer area.~~mount~~This operation should be done once,before~~CTID~~the first start of the container.~~mount~~

~~Global and per-CT mount scripts~~By default, an~~which are executed for a container right after it is~~OS template denoted by DEF_OSTEMPLATE parameter of~~mounted~~[[Man/vz. ~~Otherwise they are the same as~~ conf.5|vz.~~premount~~conf(5)]] is used to create a container. This can be~~scripts~~overwritten by --ostemplate option.

By default, anew container configuration file is created from a sampleconfiguration denoted by value of <ib>~~CTID~~CONFIGFILE</ib>parameter of [[Man/vz.conf.5|vz.~~start~~conf(5)]]. If the containerconfiguration file already exists, it will not bemodified.

~~Right after~~ The value ofCONFIGFILE can be overwritten by using the~~vzctl~~--config ~~has~~name option. This option can not be~~started a container, it executes this script in a~~ used if the container~~context~~configuration file already exists.

A new containercan either be created using <ib>simfs filesystem or on aploop device. The default is set by value ofVE_LAYOUT parameter of [[Man/vz.conf.5|vz.conf(5)]] and can beoverwritten by --layout option. In case ~~CTID~~ploop</ib>is used, one can additionally specify ploop disk imageformat after a colon. Possible ploop formats areexpanded, plain and raw. Default isexpanded.~~stop~~Using value other than expandedisnot recommended and is currently not supported.

~~Right before~~ You can use~~vzctl~~--diskspace ~~has~~and --diskinodes options to~~stopped a~~ specify containerfile system size. Note that forploop layout, ~~it executes this script in a container~~you will not be able to change inodes~~context~~value later.

If~~vps~~DISKSPACE is not specified either in the sampleconfiguration file used for creation or in globalconfiguration file [[Man/vz.~~umount~~conf.5|vz.conf(5)]],<ib>~~CTID~~--diskspace</ib>parameter is required for ~~.umount~~plooplayout.

~~Global and per-CT umount~~Suffixes~~scripts which are executed for a container before it isunmounted. Scripts are executed in the host system context~~G, M,K can also be specified (see~~while a CT is mounted. Global script, if exists, is executed~~Resource limits section for more info on~~first~~suffixes).

You can use~~vps.postumount~~--root,~~CTID~~pathoption to sets the path to themount point for the container root directory (default isVE_ROOT specified in [[Man/vz.conf.5|vz.conf(5)]] file).~~postumount~~Argument can contain literal string $VEID, which willbe substituted with the numeric CT ID.

~~Global and per~~You can use--~~CT umount~~private path option to set the path to~~scripts~~ directory in which all the files and directories specific tothis very container are ~~executed for a container right after it~~ stored (default isVE_PRIVATE~~unmounted~~specified in [[Man/vz.conf. ~~Otherwise they are the same as~~ 5|vz.conf(5)]] file).~~umount~~Argument can containliteral string $VEID, which will be substituted with~~scripts~~the numeric CT ID.

~~The environment~~You can use~~passed to all the~~ *mount--ipadd ~~scripts is the standardenvironment of the parent (~~<i~~.e. <b~~>~~vzctl~~addr</bi>~~) with two~~option to assign an IP address to~~additional variables: $VEID and $VE_CONFFILE.The first one holds the ID of the~~ a container~~, and the secondone holds the full path to the container configuration file~~.Note that this option can be used multiple~~If the script needs to get other CT configurationparameters, such as $VE_ROOT, it needs to get thosefrom global and per-CT configuration files~~times.

~~Here is anexample of a mount script, which makes host system’s/mnt/disk available to container(s). Script name~~ You can ~~either~~usebe ~~/etc/vz/conf/vps.mount or/etc/vz/conf/~~--hostname~~CTID~~name~~.mount~~option to set a host name fora container.

<~~pre~~ p style="margin-left:1117%; margin-top: 1em"> ~~# If one of these files does not exist then something~~When running ~~# is really broken~~with an upstream Linux Kernel that supports user namespaces [ (>= 3.8), the parameters --f local_uid</~~etc~~b> and--local_gid</~~sysconfig~~b> can be used to select which uid</~~vz ] || exit 1~~i> ~~[ -f $VE_CONFFILE ] || exit 1~~and gid respectively will be used as a base user in ~~# Source both files~~the host system. Note ~~the order is important~~that user namespaces provide a 1:1mapping between container users and host users.If these . options are not specified, the values LOCAL_UID</~~etc~~b> andLOCAL_GID</vzb> from global configuration file[[Man/vz.conf . ~~$VE_CONFFILE~~ ~~SRC=~~5|vz.conf</~~mnt~~b>(5)]] are used. An explicit --local_uid</~~disk~~b> ~~DST=/mnt/disk~~value of 0 will disable user namespace support, and run thecontainer as a privileged user. In this case, ~~mount~~ -n -~~t simfs $SRC ${VE_ROOT}${DST} -o $SRC~~local_gid is ignored.</~~pre~~p>

Warning:use --local_uid and --local_gid with care,specially when migrating containers. In all situations, thecontainer’s files in the filesystem needs to becorrectly owned by the host-side users.

~~Returns 0 upon~~destroy | delete~~success, or an appropriate error code in case of anerror:~~CTID

<~~table width~~p style="~~100~~margin-left:17%;" ~~border="0" rules="none" frame="void"~~>Removes a container privatearea by deleting all files, directories and the ~~cellspacing="0" cellpadding="0"~~configuration file of this container. <~~tr valign="top" align~~p style="margin-left:11%;">start CTID[--wait] [--force] [<~~td width="11%"~~b>--skip-fsck</tdb>][--skip-remount<~~td width="4%"~~/b>]

<pstyle="margin-left:17%;">Mounts (if necessary) andstarts a container. Unless 1--wait</pb> option isspecified, vzctl</tdb>will return immediately; otherwisean attempt to wait till the default runlevel is reached willbe made by <~~td width="7%"~~b>vzctl</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Failed to set a UBC parameter~~Specify</pb>--force</~~td></tr><tr valign="top" align="left"~~b>if you want to start a container which isdisabled (see <~~td width="11%"~~b>--disabled</tdb>).<~~td width="4%"~~/p>

<p~~>2</td><td width~~style="7margin-left:17%; margin-top: 1em">Specify--skip-fsck</tdb>to skip fsck for ploop-based containerfilesystem (this option is used by vz initscript).<~~td width="78%"~~/p>

<p~~>Failed to set a fair scheduler parameter</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">By default, ifa container to be started happens to be already mounted, itis unmounted and mounted again. This behavior can be turnedoff by using <~~td width="11%"~~b>--skip-remount</tdb>flag.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of premount,3mount</pb> and start</tdb>action scripts (see ACTIONSCRIPTS<~~td width~~/b> below). stop</tdb> CTID[--fast<~~td width="78%"~~/b>] [--skip-umount]

<pstyle="margin-left:17%;">~~Generic system error~~Stops a container and unmountsit (unless --skip-umount</pb> is given). Normally,halt</tdb>(8) is executed inside a container; option--fast</trb>makes vzctl<~~tr valign="top" align="left"~~/b>use <~~td width="11%"~~b>reboot</tdb>(2)syscall instead which is faster but can lead to uncleancontainer shutdown.<~~td width="4%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">Note thatvzctl stop is not asyncronous, in other words vzctlwaits for container’s init to exit (unless--fastis given), which can take up to a few minutes.Default wait timeout is 120 seconds; it can be changedglobally, by setting STOP_TIMEOUT in[[Man/vz.conf.5|vz.conf</pb>(5)]], or per container (STOP_TIMEOUT</tdb>in[[Man/ctid.conf.5|ctid.conf<~~td width="7%"~~/b>(5)]], see --stop-timeout</tdb>).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~The running kernel is not an OpenVZ kernel (or some~~Note that this~~OpenVZ modules are not loaded)~~command can lead to execution of stop</pb>, <~~/td~~b>umount</trb>and <~~tr valign="top" align="left"~~b>postumountaction scripts (see <~~td width="11%"~~b>ACTIONSCRIPTS</tdb>below).<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">6restart</pb> CTID</tdi>[--wait] [--force] [<~~td width="7%"~~b>--fast</tdb>][--skip-fsck<~~td width="78%"~~/b>]

<pstyle="margin-left:17%;">~~Not enough system resources~~Restarts a container, i.e.stops it if it is running, and starts again. Accepts all the</pb>start</tdb>and <~~/tr~~b>stop<~~tr valign="top" align="left"><td width="11%"~~/b>options.</~~td><td width="4%"~~p>

<p~~>7</td><td width~~style="7margin-left:17%; margin-top: 1em">Note that thiscommand can lead to execution of some action scripts (seeACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~ENV_CREATE~~status ~~ioctl failed~~</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<p~~>8</td><td width~~style="7margin-left:17%;">Shows a container status. Thisis a line with five or six words, separated by spaces.</~~td><td width="78%"~~p>

<p~~>Command executed by vzctl exec returned non-zeroexit code</td></tr><tr valign~~style="margin-left:17%; margin-top~~" align="left~~: 1em">First word isliterally <~~td width="11%"~~b>CTID</tdb>.<~~td width="4%"~~/p>

<p~~>9</td><td width~~style="7margin-left:17%; margin-top: 1em">Second word isthe numeric CT ID</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container~~ Third word is ~~locked by another~~ showing whether this container exists or not, it can beeither ~~vzctl~~exist~~invocation~~or </pb> deleted</tdb>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">10Fourth word isshowing the status of the container filesystem, it can beeither </pb>mounted</tdb>or <~~td width="7%"~~b>unmounted</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Global OpenVZ configuration file [[Man/vz.conf.5|~~Fifth wordshows if the container is running, it can be either~~vz.conf~~running~~(5)]] notfound~~or </pb> down</tdb>.</~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">11Sixth word, ifexists, is </pb>suspended</tdb>. It appears if a dump fileexists for a stopped container (see <~~td width="7%"~~b>suspend</tdb>).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~A vzctl helper script file not found~~This commandcan also be usable from scripts.~~</td></tr>~~ <~~tr valign="top" align~~p style="margin-left:11%;"><~~td width="11%"~~b>mount CTID</tdi><~~td width="4%"~~/p>

<pstyle="margin-left:17%;">12Mounts container private area.Note that this command can lead to execution ofpremount</pb> and mount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Permission denied~~</pb>umount</tdb><~~/tr~~i>CTID<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">13Unmounts container privatearea. Note that this command can lead to execution ofumount</pb> and postumount</tdb>action scripts (see<~~td width="7%"~~b>ACTION SCRIPTS</tdb>below).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Capability setting failed~~Note that</pb>stop</tdb>does <~~/tr~~b>umount<~~tr valign="top" align="left"><td width="11%"~~/b>automatically.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">14convert</pb> CTID</tdi>[<~~td width="7%"~~b>--layoutploop[:{expanded|plain|raw</tdb>}]]<~~td width="78%"~~/p>

<pstyle="margin-left:17%;">~~Container configuration file [[Man/ctid~~Convert CT private area toreside on a ploop device (available in kernel version042stab052.~~conf~~8 and greater).~~5|ctid~~Conversion should be performedwhen a container is stopped, plus disk space quota should beset.~~conf~~</bp>~~(5)]] notfound~~</pstyle="margin-left:11%;"> <~~/td~~b>compact</trb><~~tr valign="top" align="left"~~i>CTID<~~td width="11%"~~/i></~~td><td width="4%"~~p>

<p~~>15</td><td width~~style="7margin-left:17%;">Compact container image. Thisonly makes sense for ploop layout.</~~td><td width="78%"~~p>

<pstyle="margin-left:11%;">~~Timeout on~~ ~~vzctl exec~~quotaon</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">16Turn disk quota on. Not that</pb>mount</tdb>and <~~td width="7%"~~b>start</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl chkpnt~~quotaoff</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">17Turn disk quota off. Not that</pb>umount</tdb>and <~~td width="7%"~~b>stop</tdb>does that automatically.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error during~~ ~~vzctl restore~~quotainit</pi>CTID</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">18Initialize disk quota (i.e. run</pb>vzquota init</tdb>) with the parameters taken from the CTconfiguration file [[Man/ctid.conf.5|<~~td width="7%"~~b>ctid.conf</tdb>(5)]].<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Error from~~ ~~setluid()~~exec ~~syscall~~</pi>CTIDcommand</tdi></~~tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"~~p>

<pstyle="margin-left:17%;">Executes 20command</pi> in acontainer. Environment variables are not set inside thecontainer. Signal handlers may differ from default settings.If command</tdi>is <~~td width="7%"~~b>-</tdb>, commands are read fromstdin.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Invalid command line parameter~~</pb>exec2</tdb><~~/tr~~i>CTIDcommand<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">21The same as </pb>exec</tdb>, butreturn code is that of <~~td width="7%"~~i>command</tdi>.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Invalid value for command line parameter~~</pb>runscript</tdb><~~/tr~~i>CTIDscript<~~tr valign="top" align="left"><td width="11%"~~/i></~~td><td width="4%"~~p>

<pstyle="margin-left:17%;">22Run specified shell script inthe container. Argument </pi>script</tdi>is a file on the hostsystem which contents is read by vzctl and executed in thecontext of the container. For a running container, thecommand jumps into the container and executes the script.For a stopped container, it enters the container, mountscontainer’s root filesystem, executes the script, andunmounts CT root. In the latter case, the container is notreally started, no file systems other than root (such as<~~td width="7%"~~b>/proc</tdb>) are mounted, no startup scripts are executedetc. Thus the environment in which the script is running isfar from normal and is only usable for very basicoperations.<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container root directory (~~~~VE_ROOT~~enter~~) not set~~CTID</pi>[--exec</tdb><~~/tr~~i>command<~~tr valign="top" align="left"~~/i>[<~~td width="11%"~~i>arg</tdi>...]]<~~td width="4%"~~/p>

<p~~>23</td><td width~~style="7margin-left:17%;">Enters into a container (givinga container’s root shell). This option is a back-doorfor host root only. The proper way to have CT root shell isto use ssh</tdb>(1).<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Container private directory (~~Option~~VE_PRIVATE~~--exec~~) notset~~is used to run </pi> command</tdi>with argumentsafter entering into container. This is useful if command tobe run requires a terminal (so <~~/tr~~b>vzctl exec<~~tr valign="top" align="left"~~/b>can not beused) and for some reason you can not use <~~td width="11%"~~b>ssh</tdb>(1).<~~td width="4%"~~/p>

<p~~>24</td><td width~~style="7margin-left:17%; margin-top: 1em">You need to logout manually from the shell to finish session (even if youspecified --exec</tdb>).<~~td width="78%"~~/p>

<pstyle="margin-left:11%;">~~Container template directory (~~~~TEMPLATE~~console~~) notset~~</pi> CTID</~~td></tr><tr valign="top" align="left"~~i>[<~~td width="11%"~~i>ttynum</tdi>]<~~td width="4%"~~/p>

<pstyle="margin-left:17%;">Attach to a container console.Optional ttynum argument is tty number (such as4 for 28tty4</pb>), default is 1</tdb>which is usedfor container’s <~~td width="7%"~~b>/dev/console</tdb>.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~Not all required UBC parameters~~ Note theconsoles are ~~set~~persistent, ~~unable~~ meaning that: • it can be attached to ~~start~~even if the container is not~~container~~running; </pbr> • there is no automatic detachment upon the containerstop; <~~/td></tr~~br>~~<tr valign="top" align="left">~~• detaching from the console leaves anything running in~~<td width="11%">~~this console as is.</~~td><td width="4%"~~p>

<p~~>29</td><td width~~style="7margin-left:17%; margin-top: 1em">The followingescape sequences are recognized by vzctl console</tdb>.Note that these sequences are only recognized at thebeginning of a line.<~~td width="78%"~~/p>

<pstyle="margin-left:17%; margin-top: 1em">~~OS template is not specified, unable to create~~•~~container~~</pb> Esc</tdb>then <~~/tr~~b>.<~~tr valign="top" align="left"><td width="11%"~~/b>to detach from the console.</~~td><td width="4%"~~p>

<pstyle="margin-left:17%; margin-top: 1em">31•</pb>Esc</tdb>then <~~td width="7%"~~b>!</tdb>to kill anything running on theconsole (SAK). This is helpful when one expects a loginprompt but there isn’t one.<~~td width="78%"~~/p>

~~Container not running</td></tr><tr valign~~=~~"top" align~~=~~"left"><td width~~=~~"11%"></td><td width~~Other options ===~~"4%">~~

<p~~>32</td><td width~~style="7margin-left:11%;">--help</tdb><~~td width="78%"~~/p>

<p~~>Container already running</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints help message with a~~<td width="11%">~~brief list of possible options.</~~td><td width="4%"~~p>

<p~~>33</td><td width~~style="7margin-left:11%;">--version</tdb><~~td width="78%"~~/p>

<p~~>Unable to stop container</td></tr><tr valign="top" align~~style="margin-left:17%;">Prints <~~td width="11%"~~b>vzctl</tdb>version.<~~td width="4%"~~/p>

~~34</td><td width~~=~~"7%"></td><td width~~=~~"78%">~~ACTION SCRIPTS ==

<pstyle="margin-left:11%; margin-top: 1em">~~Unable to add IP address~~ vzctlhas an ability to execute user-defined scripts when aspecific vzctl command is run for a container. Thefollowing vzctl commands can trigger execution ofaction scripts: start</pb>, stop</tdb>, restart</trb>,<~~tr valign="top" align="left"~~b>mountand <~~td width="11%"~~b>umount</tdb>.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">Action scriptsare located in the 40/etc/vz/conf/</pb> directory. There areglobal and per-CT scripts. Global scripts have a literalprefix of vps.</tdb>and are executed for all containers.Per-CT scripts have a <~~td width="7%"~~i>CTID.</tdb>numeric prefix andare executed for the given container only.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Container not mounted~~Please notescripts are executed in a host system (CT0) context, withthe exception of </pb>.start</tdb>and <~~/tr~~b>.stop<~~tr valign="top" align="left"~~/b>scripts,~~<td width="11%">~~which are executed in a container context.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%; margin-top: 1em">41The followingaction scripts are currently defined: vps.premount</pb>, CTID</tdi><~~td width="7%"~~b>.premount</tdb><~~td width="78%"~~/p>

<p~~>Container already mounted</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scripts~~<td width="11%">~~which are executed for a container before it is mounted.Scripts are executed in the host system context, while a CTis not yet mounted or running. Global script, if exists, isexecuted first.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">43vps.mount</pb>,CTID</tdi><~~td width="7%"~~b>.mount</tdb><~~td width="78%"~~/p>

<p~~>Container private area not found</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT mount scriptswhich are executed for a container right after it ismounted. Otherwise they are the same as <~~td width="11%"~~b>.premount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">44</pi>CTID</tdi><~~td width="7%"~~b>.start</tdb><~~td width="78%"~~/p>

<p~~>Container private area already exists</td></tr><tr valign="top" align~~style="margin-left:22%;">Right after <~~td width="11%"~~b>vzctl</tdb>hasstarted a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">46</pi>CTID</tdi><~~td width="7%"~~b>.stop</tdb><~~td width="78%"~~/p>

<p~~>Not enough disk space</td></tr><tr valign="top" align~~style="margin-left:22%;">Right before <~~td width="11%"~~b>vzctl</tdb>hasstopped a container, it executes this script in a containercontext.<~~td width="4%"~~/p>

<pstyle="margin-left:11%;">47vps.umount</pb>,CTID</tdi><~~td width="7%"~~b>.umount</tdb><~~td width="78%"~~/p>

<p~~>Bad/broken container (/sbin/init or/bin/sh not found)</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container before it isunmounted. Scripts are executed in the host system context,~~<td width="11%">~~while a CT is mounted. Global script, if exists, is executedfirst.</~~td><td width="4%"~~p>

<pstyle="margin-left:11%;">48vps.postumount</pb>,CTID</tdi><~~td width="7%"~~b>.postumount</tdb><~~td width="78%"~~/p>

<p~~>Unable to create a new container private area</td></tr><tr valign="top" align~~style="margin-left:22%;">Global and per-CT umountscripts which are executed for a container right after it isunmounted. Otherwise they are the same as <~~td width="11%"~~b>.umount</tdb>scripts.<~~td width="4%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">The environmentpassed to all the *mount49scripts is the standardenvironment of the parent (i.e. vzctl</pb>) with twoadditional variables: $VEID and $VE_CONFFILE</tdb>.The first one holds the ID of the container, and the secondone holds the full path to the container configuration file.If the script needs to get other CT configurationparameters, such as <~~td width="7%"~~b>$VE_ROOT</tdb>, it needs to get thosefrom global and per-CT configuration files.<~~td width="78%"~~/p>

<pstyle="margin-left:11%; margin-top: 1em">~~Unable~~ Here is anexample of a mount script, which makes host system’s/mnt/disk available to ~~create a new~~ container ~~root area~~(s). Script name can eitherbe /etc/vz/conf/vps.mount or/etc/vz/conf/CTID.mount. <pre style="margin-left:11%; margin-top: 1em"> # If one of these files does not exist then something # is really broken [ -f /etc/vz/vz.conf ] || exit 1 [ -f $VE_CONFFILE ] || exit 1 # Source both files. Note the order is important. . /tdetc/vz/vz.conf . $VE_CONFFILE SRC=/mnt/disk DST=/mnt/disk mount -n -t simfs $SRC ${VE_ROOT}${DST} -o $SRC</pre> == EXIT STATUS == Returns 0 uponsuccess, or an appropriate error code in case of anerror:</trp> <table width="100%" border="0" rules="none" frame="void" cellspacing="0" cellpadding="0">

501</td>

~~Unable~~ Failed to ~~mount container~~set a UBC parameter</td></tr>

512</td>

~~Unable~~ Failed to ~~unmount container~~set a fair scheduler parameter</td></tr>

523</td>

~~Unable to delete a container~~Generic system error</td></tr>

535</td>

~~Container private area~~ The running kernel is not ~~exist~~an OpenVZ kernel (or someOpenVZ modules are not loaded)</td></tr>

606</td>

~~vzquota on failed~~Not enough system resources</td></tr>

617</td>

~~vzquota init~~ENV_CREATE ioctl failed</td></tr>

628</td>

Command executed by ~~vzquota setlimit~~vzctl exec ~~failed~~returned non-zeroexit code</td></tr>

639</td>

~~Parameter~~ Container is locked by another ~~DISKSPACE~~vzctl ~~not set~~invocation</td></tr>

6410</td>

~~Parameter~~ Global OpenVZ configuration file [[Man/vz.conf.5|~~DISKINODES~~vz.conf (5)]] not ~~set~~found</td></tr>

6611</td>

~~vzquota off failed~~A vzctl helper script file not found</td></tr>

6712</td>

~~ugid quota not initialized~~Permission denied</td></tr>

7113</td>

~~Incorrect IP address format~~Capability setting failed</td></tr>

7414</td>

~~Error changing password~~Container configuration file [[Man/ctid.conf.5|ctid.conf(5)]] notfound</td></tr>

7815</td>

~~IP address already in use~~Timeout on vzctl exec</td></tr>

7916</td>

~~Container action script returned an error~~Error during vzctl suspend</td></tr>

8217</td>

~~Config file copying error~~Error during vzctl resume</td></tr>

8618</td>

Error ~~setting devices (~~from ~~--devices~~setluid() or~~--devnodes)~~syscall </td></tr>

8920</td>

~~IP address not available~~Invalid command line parameter</td></tr>

9121</td>

~~OS template not found~~Invalid value for command line parameter</td></tr>

~~100~~22</td>

~~Unable to find container IP address~~Container root directory (VE_ROOT) not set</td></tr>

~~104~~23</td>

Container private directory (~~VE_NETDEV~~VE_PRIVATE ~~ioctl error~~) notset</td></tr>

~~105~~24</td>

Container ~~start disabled~~template directory (TEMPLATE) notset</td></tr>

~~106~~28</td>

~~Unable~~ Not all required UBC parameters are set, unable to ~~set iptables on a running~~ startcontainer</td></tr>

~~107~~29</td>

~~Distribution-specific configuration file~~ OS template is not ~~found~~specified, unable to createcontainer</td></tr>

~~109~~31</td>

~~Unable to apply a config~~Container not running</td></tr>

~~129~~32</td>

~~Unable to set meminfo parameter~~Container already running</td></tr>

~~130~~33</td>

~~Error setting veth interface~~Unable to stop container</td></tr>

~~131~~34</td>

~~Error setting~~ Unable to add IP address to container ~~name~~</td></tr>

~~133~~40</td>

~~Waiting for container start failed~~Container not mounted</td></tr>

~~139~~41</td>

~~Error saving container configuration file~~Container already mounted</td></tr>

~~148~~43</td>

~~Error setting container IO parameters (ioprio)~~Container private area not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 44</td><td width="7%"></td><td width="78%"> Container private area already exists</td></tr>

~~150~~46</td>

~~Ploop image file not found~~Not enough disk space</td></tr>

~~151~~47</td>

~~Error creating ploop image~~Bad/broken container (/sbin/init or/bin/sh not found)</td></tr>

~~152~~48</td>

~~Error mounting ploop image~~Unable to create a new container private area</td></tr>

~~153~~49</td>

~~Error unmounting ploop image~~Unable to create a new container root area</td></tr>

50</td><td width="7%"></td><td width="78%"> Unable to mount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 51</td><td width="7%"></td><td width="78%"> Unable to unmount container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 52</td><td width="7%"></td><td width="78%"> Unable to delete a container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 53</td><td width="7%"></td><td width="78%"> Container private area not exist</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 60</td><td width="7%"></td><td width="78%"> vzquota on failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 61</td><td width="7%"></td><td width="78%"> vzquota init failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 62</td><td width="7%"></td><td width="78%"> vzquota setlimit failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 63</td><td width="7%"></td><td width="78%"> Parameter DISKSPACE not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 64</td><td width="7%"></td><td width="78%"> Parameter DISKINODES not set</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 65</td><td width="7%"></td><td width="78%"> Error setting in-container disk quotas</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 66</td><td width="7%"></td><td width="78%"> vzquota off failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 67</td><td width="7%"></td><td width="78%"> ugid quota not initialized</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 71</td><td width="7%"></td><td width="78%"> Incorrect IP address format</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 74</td><td width="7%"></td><td width="78%"> Error changing password</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 78</td><td width="7%"></td><td width="78%"> IP address already in use</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 79</td><td width="7%"></td><td width="78%"> Container action script returned an error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 82</td><td width="7%"></td><td width="78%"> Config file copying error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 86</td><td width="7%"></td><td width="78%"> Error setting devices (--devices or--devnodes) </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 89</td><td width="7%"></td><td width="78%"> IP address not available</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 91</td><td width="7%"></td><td width="78%"> OS template not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 99</td><td width="7%"></td><td width="78%"> Ploop is not supported by either the running kernel orvzctl. </td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 100</td><td width="7%"></td><td width="78%"> Unable to find container IP address</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 104</td><td width="7%"></td><td width="78%"> VE_NETDEV ioctl error</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 105</td><td width="7%"></td><td width="78%"> Container start disabled</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 106</td><td width="7%"></td><td width="78%"> Unable to set iptables on a running container</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 107</td><td width="7%"></td><td width="78%"> Distribution-specific configuration file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 109</td><td width="7%"></td><td width="78%"> Unable to apply a config</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 129</td><td width="7%"></td><td width="78%"> Unable to set meminfo parameter</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 130</td><td width="7%"></td><td width="78%"> Error setting veth interface</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 131</td><td width="7%"></td><td width="78%"> Error setting container name</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 133</td><td width="7%"></td><td width="78%"> Waiting for container start failed</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 139</td><td width="7%"></td><td width="78%"> Error saving container configuration file</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 148</td><td width="7%"></td><td width="78%"> Error setting container IO parameters (ioprio)</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 150</td><td width="7%"></td><td width="78%"> Ploop image file not found</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 151</td><td width="7%"></td><td width="78%"> Error creating ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 152</td><td width="7%"></td><td width="78%"> Error mounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 153</td><td width="7%"></td><td width="78%"> Error unmounting ploop image</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 154</td>

155</td><td width="7%"></td><td width="78%"> Error converting container to ploop layout</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 156</td><td width="7%"></td><td width="78%"> Error creating ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 157</td><td width="7%"></td><td width="78%"> Error merging ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 158</td><td width="7%"></td><td width="78%"> Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 159</td><td width="7%"></td><td width="78%"> Error switching ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%"> 166</td>

Error ~~creating~~ compacting ploop ~~snapshot~~image</td></tr>

~~157~~167</td>

Error ~~merging~~ listing ploop ~~snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~158</td><td width="7%"></td><td width="78%">~~ ~~Error deleting ploop snapshot</td></tr><tr valign="top" align="left"><td width="11%"></td><td width="4%">~~ ~~159</td><td width="7%"></td><td width="78%">~~ ~~Error switching ploop snapshot~~snapsots</td></tr>

</table>

Copyright (C)

2000-~~2011~~2013, Parallels, Inc. Licensed under GNU GPL.

Botinki Kira

Bots

2,253

edits

Changes

Man/vzctl.8

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Services

Donate

Tools